The present invention relates to an encrypted packet communication system, and more particularly to an encrypted packet communication system for censoring encrypted packets in encrypted communications on a network that employs IP (Internet Protocol) or the like as a communication protocol.
In recent years, with the “IPization” of communication networks, IP communication networks centered on the Internet have come to be extensively utilized as a social infrastructure. In addition, for packet communications on the Internet that contain individual information, commercial transaction information, etc., it has become indispensable to ensure the security of the communication path in order to defend against wiretapping and alteration.
As a technique concerning communication security on the Internet, the “Security Architecture for the Internet Protocol” discussed by the IETF (The Internet Engineering Task Force) is well known (refer to Non-Patent Document 1: S. Kent and R. Atkinson, “Security Architecture for the Internet Protocol”, RFC2401, November 1998).
Meanwhile, for IPv6 (Internet Protocol ver. 6), whose wide use is anticipated in the future, implementation of IPsec (IP security Protocol) as standard is prescribed, and an IPsec facility is presently provided in products adapted for IPv6. Further, it is predicted that the number of connected terminals and the number of users will increase with the complete “IPization” of communication networks, and that access configurations will become more complicated accordingly.
Usually, with IPsec, an encryption process based on a common key is executed on the packets transmitted and received between a transmitter and a receiver, thereby realizing secure communications. Therefore, the common key and the authentication/encryption algorithm information necessary for applying IPsec need to be determined between the transmitter and the receiver beforehand. As a technique for carrying out negotiations between IPsec processors before the start of communications and automatically generating the above common key, “The Internet Key Exchange” is known (refer to Non-Patent Document 2: D. Harkins and D. Carrel, “The Internet Key Exchange (IKE)”, RFC2409, November 1998).
On the other hand, information leakage, in which unintended information leaks out from an enterprise or similar organization, has come to the fore. Therefore, a censoring device, which confirms the contents of packets and discards the packets that ought not to be transferred, has come into use in order to prevent information from leaking out of a network within the organization. This device is often incorporated into a gateway that serves as the exit of the organizational network.